Protecting Your Data With TrueCrypt

Laptops provide convenience. Not being tied to one spot to use your computer gives you the freedom to work or play on your schedule. No longer does a vacation leave you disconnected from the world. You can take your computer with you to a coffee shop for a change of scenery while still bringing your files and programs with you.

But just as you can easily take your computer with you, someone else can take your computer with them. A thief can pick up your laptop in a moment and be gone before you notice during a moment’s inattention. Your laptop can be left in a cab, on an airplane, or at a hotel. Most often the thief just wants the hardware to sell, but they also gain access to everything on your laptop. Encryption can protect your data, but can be difficult to use. TrueCrypt can provide a simple and reliable way to protect your data.

Editor’s note: We covered TrueCrype in an earlier article almost 9 months ago here. This article aims to provide an updated perspective.

Why Encryption?

Imagine your financial documents, the new product at work you brought home to finish up, or those personal files all now in the hands of a thief. Imagine that information in the hands of an identity thief, your competitor, or just posted to the Internet for all to see.

Encryption takes your files and encodes them them so they cannot be accessed without the correct decryption method, most often a password. TrueCrypt allows you to create encrypt and maintain an encrypted drive whose contents are therefore protected. Without the password, the contents of the drive cannot be accessed. This drive can either be an external drive such as a USB drive or a virtual disk that exists as a file on your computer. The drive supports on the fly encryption allowing you to treat this encrypted drive as just another drive on your computer. It can also encrypt your entire Windows based computer for greater protection.

Install TrueCrypt

Begin by downloading the TrueCrypt software from the TrueCrypt web site. Once you’ve downloaded the installer, run it, and install with the default options.

TrueCrypt is a powerful and complex program with many options that can intimidate or confuse the first time user. We’ll only use the basic options to show you how to protect your data with the least problems. The documentation provides info on the extra options that can handle more advanced needs such as greater security or plausible deniability of data being hidden.

Creating a Virtual Encrypted Drive

TrueCrypt Main Window

TrueCrypt Main Window

You can use TrueCrypt without an addition physical drive by creating a virtual encrypted drive. This is a file on your computer that TrueCrypt will then mount so that Windows sees it as a hard drive. This virtual drive will appear as a normal drive on your computer, but all data stored on it will be encrypted. All encryption and decryption takes place on the fly letting you copy files to and from this virtual drive as you would a real drive.

Create Drive

Selecting to Create a Virtual Encrypted Drive in TrueCrypt

To create a Virtual Encrypted Drive in TrueCrypt first click Create Volume. Select the first option to Create Encrypted File Container and Click Next. Choose to create a Standard TrueCrypt Volume and Click Next.

You will now choose the location and name of the file that will contain your virtual drive. TrueCrypt doesn’t require this file to have a specific name or extension. You can name it something obvious like my-encrypted-drive.tc or give it an obscure name like birthdaysong.wav. Whatever name and location you pick, choose something you can find remember later and click Next. TrueCrypt will now allow you to choose the encryption option. If you are not sure of what to put in, the defaults will work well. Now select the size of the file. The file must fit onto your drive and be large enough to contain the data you want to place there.

You must now enter a password to protect the file. This should be a complex password that’s easy for you to remember, but very difficult for someone else to guess. Remember that anyone with this password will be able to access your protected data. TrueCrypt recommends a password at least twenty characters long. Be sure to remember this password. If you forget it, then you will not be able to access the data on your encrypted drive.

You should now select the file system type. If you’re only using the device on your computer, select NTFS. For a smaller drive or if you want to share the encrypted drive with computers running other operating systems, select FAT. Choose Next.

New TrueCrypt Drive Formatted

The Newly Created Virtual Encrypted Drive has been formatted.

You will now be asked to randomly move your mouse randomly within the window. TrueCrypt takes the randomness of this data to better protect your drive. After at least thirty seconds, click Format. Your drive will now be created and formatted.

Encrypt an External Drive

TrueCrypt can also protect data on an external USB key or other external hard drive. This allows you the convenience of storing your data on a portable drive with the security of knowing the data is protected if the USB key is lost. The process is very similar to creating a virtual drive.

First attach the device you want to protect to your computer. Start the Create Volume Wizard within TrueCrypt as before, but select encrypt a non-system partition/drive instead of Create Encrypted File Container. Again choose a standard volume. You will then be asked to choose the device you wish to encrypt. This will be the external drive you’ve attached to your computer.

If the destination is empty, simply create the volume and encrypt it. If you already have data on the device, you can choose encrypt partition in place. This takes longer, but preserves the data already on your drive. You again can change the encryption options if you wish, but as before the defaults will work for most situations. You will not need to choose the size since you are protected a device. As before choose a password to protect the encrypted drive. You then choose the file system on the drive and wiggle your mouse around to improve the encryption. Then click next and wait for the drive to format and encrypt.

You now will have a formatted drive that you can safely store confidential data onto.

Mount an Encrypted Drive

TrueCrypt Mount Drive

Selecting the virtual drive named Encrypted under Documents to mount as the H drive

However you created the drive, using it follows the same process. First you select a drive letter that is not currently in use on your computer. Then you select either the file your created containing the virtual drive or the device that you encrypted. Now click Mount. Enter the password you chose for the volume and you will see a new drive on your computer.

Anything you save or move to this drive will be encrypted. You can safely store anything you wish to this drive and know that it will only be visible to someone knowing the correct password. However while the drive is mounted anyone can access the drive just as any other Windows drive. To protect the contents, you must dismount the drive to protect the data from prying eyes.

Encrypt the Entire Drive

For the greatest level of protection TrueCrypt can encrypt the entire windows system. This option will require a password before the computer boots and protects all data on your computer. It provides the ultimate comfort in knowing nothing on your computer can be accessed.

TrueCrypt Encrypt System Drive Option

Menu Containing Option to Encrypt System Drive

Under the System menu, click Encrypt System Partition/Drive. Again you can select either a normal or hidden system. In most cases you will then choose to encrypt the entire drive. You can then choose to also encrypt any hidden data at the end of the drive (this is rare on consumer laptops). Tell TrueCrypt if you’re running a single or multiple operating systems. Again choose the encryption options and a password. TrueCrypt will then generate keys.

You will now be asked to create a rescue disk. You cannot skip this step and should not. Without this rescue disk a Windows error can leave you unable to access or use your computer or access your data. This disk allows you to repair or decrypt the drive in case of problems. This disk still requires the correct password to access your computer so there is no risk of the data being compromised.

The encryption of your computer occurs in place. While it encrypts you can continue to use your computer, shut down, or restart your computer. Once it completes, everything on your computer is now protected. When you boot your computer you will be asked for the password before your computer boots. Now all the data on your computer will always be protected and encrypted while you are using Windows. Without the password others cannot see your data. To protect your data make sure to shut down your computer when you’re done working on it.

Conclusion

Taking your computer with you brings the risk of it being lost or stolen. While the loss of your hardware can be troublesome, the loss of your data can be devastating. Lost work data can leave your company with a PR black eye or facing legal action. Lost personal data can lead to identity theft or embarrassment.

TrueCrypt provides a free and effective way to seamlessly encrypt your data. Data protected by encryption is only visible to the user with the appropriate credentials. For ultimate protection you can encrypt and protect your entire Windows computer. This will keep everything away from prying eyes and ensure your data’s safety. You can also encrypt a portable drive or create a virtual drive just to keep important files safe.

However you use TrueCrypt, you’ll find it a valuable way to protect the documents and files on your computer and give you piece of mind that if lost, your data is still safe.